Unveiled – How Iran Spies on Internet Users and Counterspy

A sends:

Refer to peyvandha.ir. If you go to the site from Iran, it resolves to an IP in the 
famous Iranian "national internet", with IPs starting with 10.10.X.X. The IP and 
website belong to the Ministry of Islamic Guidance. Therefore, not only can the Police and 
Intelligence monitor online behavior; through this trick, another entity that is 
involved in Iran's internet infrastructure can also monitor and learn who goes to filtered 
websites or makes attempts to communicate with those sites. 

More interesting is below. The stupid staff who registered the IP and domain are 
using Gmail and Yahoo accounts to maintain their access to the domain. Since I happen 
to know that getting into someone's Yahoo account is easier than drinking water (no need 
to show the tech here), there is an opportunity for rogue elements to monitor Iranian 
users' behavior. Partially and ironically, the people who are forcing people to use 
"local national" email systems such as mail.iran.ir are using Gmail and Yahoo 
themselves. :)

root# whois peyvandha.ir

domain: peyvandha.ir
ascii: peyvandha.ir
remarks: (Domain Holder) Ministry of Culture and Islamic Guidance
remarks: (Domain Holder Address) No. 229, Ministry of Culture and Islamic, Kamalolmoke 
St., Baharestan Sq.,, Tehran, Tehran, IR
holder-c: mi151-irnic
admin-c: mi151-irnic
tech-c: mk168-irnic
nserver: a-ir1.hostiran.net
nserver: b-ir1.hostiran.net
last-updated: 2011-02-23
expire-date: 2016-04-06
source: IRNIC # Filtered
nic-hdl: mi151-irnic
org: Ministry of Culture and Islamic Guidance
e-mail: ahajitorab@gmail.com
address: No. 229, Ministry of Culture and Islamic, Kamalolmoke St., Baharestan Sq.,, 
Tehran, Tehran, IR
phone: +98 21 38513104
fax-no: +98 21 33966068
source: IRNIC # Filtered
nic-hdl: mk168-irnic
person: Mostafa Khademolmele
e-mail: mkhadem61@yahoo.com
source: IRNIC # Filtered